ÿØÿà JFIF    ÿÛ „  ( %!1"%)+...383-7(-.+  -%%--------+------------/----------------------------ÿÀ  ¶" ÿÄ     ÿÄ @    !1AQaq‘¡"±ÁÑð2’BRráS‚ñ3b¢CT²Ò #cÿÄ    ÿÄ '   1!AQ2a"‘±#ÿÚ   ? ò(/p‘—–¢·,M|¯G»R£üešT. ôŸEoCFñ‡ 4ÔkåóxR|µÁ¨ÓDà!Ç´µ˜‡p ÍQ‹§!þž^õWsŒy  åÁ§$á«%ºq˜™JyyË0y«^Ϗ -3ÃÏËÈ£Æ\P’ä„s&•‹Üs üô'àWt¹pñCp$bÚF`·7.^)¾!)ÒÙ˜–ÅÏš^h¾ø³·ìe±ŒaeÖ—Í,e=B}Jéߦ$$½—šÙÜCC¯¶è8β–Åkèwx LÉngT±æ¹£Ócœ¿Í/©Éÿ ‰ÚCÒ­mq;Tt¶–}0"zÖPcd1š­¤tˆ„ÐÓâqú[™öUCŠ2޿د­É(¸ßúçšmW,Ò ºf‹Ån™ÄLêÁ8üÁkÁ€L¥ÍuJ1œôrÂSŒÓöt!7EUíïb)AËi¬â-ÙHk8òÁiXYwÅ)O^"ÇØriÛô{»wRUKÙÏÚlÓ¬€‚’שT ] ªb—ÊîKC^×M“xùäñz¬zJ× {4[¹M'IÆeH1LCWÕ]œûº WDæà°OÅ‚¹c²ÞuA–rL`HšpCez‡V’— Ž‚Ë„–ñ­'µR0ÕÖ=À:±G»C\nÆÉ5*¢ †3šhQ4ýÒi$Õ1"Ü]¢p-q3zcQ$ªö¨¥æf›‘»´ÝÚHá„e²JÇ–iÊ:·à¬Øc5Åk»Laª*wi [0Ówk ¦a¦0Õ²ÅÅ‚T¸’³q:Æ<¹ú Ò˜Æ}2VE•Ѐp¡Ô3Úº …h³^LJºçì¥Ánó|˜ÖˆÎˆ+« ¦dø‘Mº–d\ªDðÛ„Ì×LÝ——Ð9Ç|•FèçVm™¨€™3õS–9Äå¢<̉Ìm¢±`·º˜&Z²ž Ë®D«¶»6™‰©­HÈ Àá«h­i³04æ’hxœi3ï¨(ÓL·†‹¶ËpŒ ƒÜÒ? :õdsÀ –3æÓ·Üjâ¬9—]8n¼&]I F£¼…ì–—Œ0v°LǐÅfÛ2TÖ’aµ˜N@ÖBSÏ^à´4-±°b×nÈÈœÆD=KdŒø…ÄÈK,›ÖR§fjü$^ÔÎ!„6^ s:Üun\ôkCÞò÷<—Lúl Í›G¹ÀPá¼Nc¡šÒ…ÙWͳœ±vÊáЄ×9‹P‰cEØ‘™›µŸP<×g1 º©Ø¬wiÁ^l5× I/';Ë+´Z‡ÓÄFÕp[Èð’ HÄ ó 9¬Dl4“é±Ï”V=^Hð;žLädÉa‚°Ë,#/Ž~²BÔÛ QãñQtIeórVB,ÏÂf‹4#Μc‹É3ZIÖ Œ¢¥·üxa‡Ãçè„jŠ[5 Ä!U?,3žÎ×…ðdÓ÷háŠA‰ìÄ4÷ÃÜZÃE{‰®+W\ZÍE[‰»µk»MÝ­`¢©†˜ÃV‹-f¢¡†¢a«eŠ%«Y¨©q%jâd,Ôq`) ¤¦…šˆ ¦E>0Ùb²t–Ÿ  ÷jsςҒKÈcø(é›;k(’#ôŒQ ™C> õ³M9óºÆµ¤çâ;uÀ)5>RÔ¸fÓ~Ȧ—’-$fe«"FâUˆÊwµPÏu w+"åÉó¨6s™Û9(À¨ù©hE°½†n`m~“@©›p!Vkhµ Á1šbEqqÊ@ºèl›2 –Yã%‘‚hÛ{a¶‡ÅÞM²¬çL34®Çl]®‹ŽØŒm'RÜe35æöˆ­Á­ cP9šeÁköo´L³Ì=p8]”‡B¶,šº|ɏdzXˆØk*ÇÚ{#ñ‰pã(€¶‡9ý'šÜ³½¯kƒ†Â’ëSOƒ•Å®H6+a¢µˆ‹Y¨b˜b+XˆÖ!°u!¢"µˆˆn2ˆ Å0Ä`Å Ô®c(ÓÜGº•Ä»Œ âWî%q.áÐÄ÷î%umÍ£+ÜQ,Vn¦-GphU¸¢X­&,Gt ·K¢ÅÅ·¥RÄÊÉbKn N­R2g$VµÕó Qr#–ÓZUÏð0ÎtÙÀœz ëöo“Îk¯n„T°"SÞ+³/…€½"ižãO%Í%&Δâ‘ËØ´IˆÓ°Ë‰ÞM3.™yçÁzit›`4C`k¢¼á!álÄï sÂ[×!¤l¾æo"ƒIÔ'@ªu)3›ô®“@Z à¾] üœ'‡4¸PÞkÁ-qÄH‰ÓÍBd´ÿ —¹°ÄA&ÊUC„öz‚‚RæŠtf¬>˜ÑidšEçÑL÷áý¡V±h§­c¿¥¨ƒ@g¼…Ýö^ÞËc.ž„æ“I[ ª+·zÐÒÚ,½Ð»¶€C›7jk$๖€Ž¾ÅÙpp¶ÍþéΤ ½ØÎŒq ñpæžÅ¥#Øâ49ÃÂK^MYV“,¶Éz_òæ:…;Õ«¦I3âJ£¤û5$7Èxün\â]Êe¯(Ÿ&Ž‹¶2<6Ćf× æ¢ƱqWı[(ÙÂŽç‚T7¨@ÈÉÍß‚ïÙ"&3TYlGށ†)†#5ŠA©^T2ÆÁ†)©†©†¤yGXÁ†©"†)©¼ÅV WS†#©]R–r‹q5ÕbâWþBh¯u+ªÅÄ×ü„nÑ^êkªÁj‰jeœWˆÕÕ`µDµ2Ì+Ä µDµµ5Ô{¤Þ0RF’H÷AÛ<ÊÁ§ ƈæ0Ñ£ê4 öÚµ[¬/1²€â<-¬šö²r×0o×w ´xÐÒË„ g01¬„åEM蛇Ã\6µE›‘fÙO k÷CºnÓ1`iîÒ² áÂ!ÑLÄÿ ³¬\õ*:M=Ç»c‹2[‰ØsÕLò\ŒK L^™üÄN\¶#» Ç\……ßïIœÉ$¸ÎñÍ®ÔHÇ Ûí/´>Li”„†g^$ 7NÍÑÑ2M2ªNg=k½Ð}Ÿl6‡ —JWˆ”ÞéT·+µ¦üÂFè¢Vs6ýÆ4»2+2IÝ9ô9®ÇGÙÇ1+Ä8;*Õ§ž½D*îÑWÚçá3Ma¤·ˆ¥t}š²Ü…Q+Æüµ8HíS”üxGéÁˆ¦Ël„éÈ 5 µÄƒ6äÜ(kIš¯S†fÖ&¸®×v|Äyˆ*禌Éù@7-®Ä[]ÎÖ¿ê`º…=:…žJVnݳvðÖKE¼‚ »mà ÷f®:Ë ™–4rð¡4` ܹçž~‹C=œ…¾Ïj|VDtK.ƒ"9 Ï ­–éXá³6WÒïIL-Ї Ç home/smkb8269/public_html/lms.smk-almanshuriyah.sch.id/mnet/xmlrpc/client.php000064400000041372152266576040023144 0ustar00dirroot.'/mnet/lib.php'; /** * Class representing an XMLRPC request against a remote machine */ class mnet_xmlrpc_client { var $method = ''; var $params = array(); var $timeout = 60; var $error = array(); var $response = ''; var $mnet = null; /** * Constructor */ public function __construct() { // make sure we've got this set up before we try and do anything else $this->mnet = get_mnet_environment(); } /** * Allow users to override the default timeout * @param int $timeout Request timeout in seconds * $return bool True if param is an integer or integer string */ public function set_timeout($timeout) { if (!is_integer($timeout)) { if (is_numeric($timeout)) { $this->timeout = (integer)$timeout; return true; } return false; } $this->timeout = $timeout; return true; } /** * Set the path to the method or function we want to execute on the remote * machine. Examples: * mod/scorm/functionname * auth/mnet/methodname * In the case of auth and enrolment plugins, an object will be created and * the method on that object will be called */ public function set_method($xmlrpcpath) { if (is_string($xmlrpcpath)) { $this->method = $xmlrpcpath; $this->params = array(); return true; } $this->method = ''; $this->params = array(); return false; } /** * Add a parameter to the array of parameters. * * @param string $argument A transport ID, as defined in lib.php * @param string $type The argument type, can be one of: * i4 * i8 * int * double * string * boolean * datetime | dateTime.iso8601 * base64 * null * array * struct * @return bool True on success */ public function add_param($argument, $type = 'string') { // Convert any use of the old 'datetime' to the correct 'dateTime.iso8601' one. $type = ($type === 'datetime' ? 'dateTime.iso8601' : $type); // BC fix, if some argument is array and comes as string, change type to array (sequentials) // or struct (associative). // This is the behavior of the encode_request() method from the xmlrpc extension. // Note that uses in core have been fixed, but there may be others using that. if (is_array($argument) && $type === 'string') { if (array_keys($argument) === range(0, count($argument) - 1)) { $type = 'array'; } else { $type = 'struct'; } mnet_debug('Incorrect ' . $type . ' param passed as string in mnet_xmlrpc_client->add_param(): ' . json_encode($argument)); } if (!isset(\PhpXmlRpc\Value::$xmlrpcTypes[$type])) { // Arrived here, still erong type? Let's stop. return false; } // If we are array or struct, we need to ensure that, recursively, all the elements are proper values. // or serialize, used later on send() won't work with them. Encoder::encode() provides us with that. if ($type === 'array' || $type === 'struct') { $encoder = new \PhpXmlRpc\Encoder(); $this->params[] = $encoder->encode($argument); } else { // Normal scalar case. $this->params[] = new \PhpXmlRpc\Value($argument, $type); } return true; } /** * Send the request to the server - decode and return the response * * @param object $mnet_peer A mnet_peer object with details of the * remote host we're connecting to * @param bool $rekey The rekey attribute stops us from * getting into a loop. * @return mixed A PHP variable, as returned by the */ public function send($mnet_peer, bool $rekey = false) { global $CFG, $DB; if (!$this->permission_to_call($mnet_peer)) { mnet_debug("tried and wasn't allowed to call a method on $mnet_peer->wwwroot"); return false; } $request = new \PhpXmlRpc\Request($this->method, $this->params); $requesttext = $request->serialize('utf-8'); $signedrequest = mnet_sign_message($requesttext); $encryptedrequest = mnet_encrypt_message($signedrequest, $mnet_peer->public_key); $client = $this->prepare_http_request($mnet_peer); $timestamp_send = time(); mnet_debug("about to send the xmlrpc request"); $response = $client->send($encryptedrequest, $this->timeout); mnet_debug("managed to complete a xmlrpc request"); $timestamp_receive = time(); if ($response->faultCode()) { $this->error[] = $response->faultCode() .':'. $response->faultString(); return false; } $rawresponse = trim($response->value()); // Because MNet responses ARE NOT valid xmlrpc, don't try any PhpXmlRpc facility. $mnet_peer->touch(); $crypt_parser = new mnet_encxml_parser(); $crypt_parser->parse($rawresponse); // If we couldn't parse the message, or it doesn't seem to have encrypted contents, // give the most specific error msg available & return if (!$crypt_parser->payload_encrypted) { if (! empty($crypt_parser->remoteerror)) { $this->error[] = '4: remote server error: ' . $crypt_parser->remoteerror; } else if (! empty($crypt_parser->error)) { $crypt_parser_error = $crypt_parser->error[0]; $message = '3:XML Parse error in payload: '.$crypt_parser_error['string']."\n"; if (array_key_exists('lineno', $crypt_parser_error)) { $message .= 'At line number: '.$crypt_parser_error['lineno']."\n"; } if (array_key_exists('line', $crypt_parser_error)) { $message .= 'Which reads: '.$crypt_parser_error['line']."\n"; } $this->error[] = $message; } else { $this->error[] = '1:Payload not encrypted '; } $crypt_parser->free_resource(); return false; } $key = array_pop($crypt_parser->cipher); $data = array_pop($crypt_parser->cipher); $crypt_parser->free_resource(); // Initialize payload var $decryptedenvelope = ''; // &$decryptedenvelope $isOpen = openssl_open(base64_decode($data), $decryptedenvelope, base64_decode($key), $this->mnet->get_private_key(), 'RC4'); if (!$isOpen) { // Decryption failed... let's try our archived keys $openssl_history = get_config('mnet', 'openssl_history'); if(empty($openssl_history)) { $openssl_history = array(); set_config('openssl_history', serialize($openssl_history), 'mnet'); } else { $openssl_history = unserialize($openssl_history); } foreach($openssl_history as $keyset) { $keyresource = openssl_pkey_get_private($keyset['keypair_PEM']); $isOpen = openssl_open(base64_decode($data), $decryptedenvelope, base64_decode($key), $keyresource, 'RC4'); if ($isOpen) { // It's an older code, sir, but it checks out break; } } } if (!$isOpen) { trigger_error("None of our keys could open the payload from host {$mnet_peer->wwwroot} with id {$mnet_peer->id}."); $this->error[] = '3:No key match'; return false; } if (strpos(substr($decryptedenvelope, 0, 100), '')) { $sig_parser = new mnet_encxml_parser(); $sig_parser->parse($decryptedenvelope); } else { $this->error[] = '2:Payload not signed: ' . $decryptedenvelope; return false; } // Margin of error is the time it took the request to complete. $margin_of_error = $timestamp_receive - $timestamp_send; // Guess the time gap between sending the request and the remote machine // executing the time() function. Marginally better than nothing. $hysteresis = ($margin_of_error) / 2; $remote_timestamp = $sig_parser->remote_timestamp - $hysteresis; $time_offset = $remote_timestamp - $timestamp_send; if ($time_offset > 0) { $threshold = get_config('mnet', 'drift_threshold'); if(empty($threshold)) { // We decided 15 seconds was a pretty good arbitrary threshold // for time-drift between servers, but you can customize this in // the config_plugins table. It's not advised though. set_config('drift_threshold', 15, 'mnet'); $threshold = 15; } if ($time_offset > $threshold) { $this->error[] = '6:Time gap with '.$mnet_peer->name.' ('.$time_offset.' seconds) is greater than the permitted maximum of '.$threshold.' seconds'; return false; } } $xmlrpcresponse = base64_decode($sig_parser->data_object); // Let's convert the xmlrpc back to PHP structure. $response = null; $encoder = new \PhpXmlRpc\Encoder(); $oresponse = $encoder->decodeXML($xmlrpcresponse); // First, to internal PhpXmlRpc\Response structure. if ($oresponse instanceof \PhpXmlRpc\Response) { // Special handling of fault responses (because value() doesn't handle them properly). if ($oresponse->faultCode()) { $response = ['faultCode' => $oresponse->faultCode(), 'faultString' => $oresponse->faultString()]; } else { $response = $encoder->decode($oresponse->value()); // Normal Response conversion to PHP. } } else { // Maybe this is just a param, let's convert it too. $response = $encoder->decode($oresponse); } $this->response = $response; // xmlrpc errors are pushed onto the $this->error stack if (is_array($this->response) && array_key_exists('faultCode', $this->response)) { // The faultCode 7025 means we tried to connect with an old SSL key // The faultString is the new key - let's save it and try again // The rekey attribute stops us from getting into a loop if($this->response['faultCode'] == 7025 && empty($rekey)) { mnet_debug('recieved an old-key fault, so trying to get the new key and update our records'); // If the new certificate doesn't come thru clean_param() unmolested, error out if($this->response['faultString'] != clean_param($this->response['faultString'], PARAM_PEM)) { $this->error[] = $this->response['faultCode'] . " : " . $this->response['faultString']; } $record = new stdClass(); $record->id = $mnet_peer->id; $record->public_key = $this->response['faultString']; $details = openssl_x509_parse($record->public_key); if(!isset($details['validTo_time_t'])) { $this->error[] = $this->response['faultCode'] . " : " . $this->response['faultString']; } $record->public_key_expires = $details['validTo_time_t']; $DB->update_record('mnet_host', $record); // Create a new peer object populated with the new info & try re-sending the request $rekeyed_mnet_peer = new mnet_peer(); $rekeyed_mnet_peer->set_id($record->id); return $this->send($rekeyed_mnet_peer, true); // Re-send mnet_peer with the new key. } if (!empty($CFG->mnet_rpcdebug)) { if (get_string_manager()->string_exists('error'.$this->response['faultCode'], 'mnet')) { $guidance = get_string('error'.$this->response['faultCode'], 'mnet'); } else { $guidance = ''; } } else { $guidance = ''; } $this->error[] = $this->response['faultCode'] . " : " . $this->response['faultString'] ."\n".$guidance; } // ok, it's signed, but is it signed with the right certificate ? // do this *after* we check for an out of date key $verified = openssl_verify($xmlrpcresponse, base64_decode($sig_parser->signature), $mnet_peer->public_key); if ($verified != 1) { $this->error[] = 'Invalid signature'; } return empty($this->error); } /** * Check that we are permitted to call method on specified peer * * @param object $mnet_peer A mnet_peer object with details of the remote host we're connecting to * @return bool True if we permit calls to method on specified peer, False otherwise. */ public function permission_to_call($mnet_peer) { global $DB, $CFG, $USER; // Executing any system method is permitted. $system_methods = array('system/listMethods', 'system/methodSignature', 'system/methodHelp', 'system/listServices'); if (in_array($this->method, $system_methods) ) { return true; } $hostids = array($mnet_peer->id); if (!empty($CFG->mnet_all_hosts_id)) { $hostids[] = $CFG->mnet_all_hosts_id; } // At this point, we don't care if the remote host implements the // method we're trying to call. We just want to know that: // 1. The method belongs to some service, as far as OUR host knows // 2. We are allowed to subscribe to that service on this mnet_peer list($hostidsql, $hostidparams) = $DB->get_in_or_equal($hostids); $sql = "SELECT r.id FROM {mnet_remote_rpc} r INNER JOIN {mnet_remote_service2rpc} s2r ON s2r.rpcid = r.id INNER JOIN {mnet_host2service} h2s ON h2s.serviceid = s2r.serviceid WHERE r.xmlrpcpath = ? AND h2s.subscribe = ? AND h2s.hostid $hostidsql"; $params = array($this->method, 1); $params = array_merge($params, $hostidparams); if ($DB->record_exists_sql($sql, $params)) { return true; } $this->error[] = '7:User with ID '. $USER->id . ' attempted to call unauthorised method '. $this->method.' on host '. $mnet_peer->wwwroot; return false; } /** * Generate a \PhpXmlRpc\Client handle and prepare it for sending to an mnet host * * @param object $mnet_peer A mnet_peer object with details of the remote host the request will be sent to * @return \PhpXmlRpc\Client handle - the almost-ready-to-send http request */ public function prepare_http_request($mnet_peer) { $uri = $mnet_peer->wwwroot . $mnet_peer->application->xmlrpc_server_url; // Instantiate the xmlrpc client to be used for the client request // and configure it the way we want. $client = new \PhpXmlRpc\Client($uri); $client->setUseCurl(\PhpXmlRpc\Client::USE_CURL_ALWAYS); $client->setUserAgent('Moodle'); $client->return_type = 'xml'; // Because MNet responses ARE NOT valid xmlrpc, don't try any validation. // TODO: Link this to DEBUG DEVELOPER or with MNET debugging... // $client->setdebug(1); // See a good number of complete requests and responses. $verifyhost = 0; $verifypeer = false; if ($mnet_peer->sslverification == mnet_peer::SSL_HOST_AND_PEER) { $verifyhost = 2; $verifypeer = true; } else if ($mnet_peer->sslverification == mnet_peer::SSL_HOST) { $verifyhost = 2; } $client->setSSLVerifyHost($verifyhost); $client->setSSLVerifyPeer($verifypeer); return $client; } }